Web services security

Web services security

Web services security

Web services security is enforced using a combination of basic authentication
challenge/response for the HTTP protocol and system-level access control using the Contextual
Security Manager.

To enforce basic authentication on each Web Service request, each request must contain the
Authorization header as specified in the Basic
Authentication
protocol. Because the request is non-interactive, the Authorization header
is required in a request.

There is an added advantage when you supply basic authentication information whether or not it
is required: the data that is created or updated as a result of the Web service invocation is
done on behalf of the user supplied in the basic authentication credentials. For example, when
creating an Incident record, the journal fields will contain the user ID
of basic authenticated user, instead of the default "Guest" user.